fix: resolve relative file paths within a local workspace root for the SendMessageToUserTool

[Blueteemo]

问题描述

send_message_to_user 发送文件时，传入相对路径（如 filename.md）会先尝试绝对路径失败，再试绝对路径才成功，浪费 token。

修复方案

在 _resolve_path_from_sandbox 方法中，当 path 是相对路径时，先尝试解析到 workspace 目录下检查文件是否存在。同时添加了 path 安全检查，防止 .. 等路径遍历问题。

Related Issue

Fixes #7632

Summary by Sourcery

Bug Fixes:

• Ensure non-absolute paths in send_message_to_user are resolved relative to the active workspace when possible instead of relying solely on the raw filesystem path.

[sourcery-ai]

Hey - I've left some high level feedback:

• Consider normalizing path (e.g., via Path(path).resolve() or similar) before checking isabs and composing with workspace_root to avoid subtle issues with .. segments or mixed separators.
• If workspace_root(unified_msg_origin) can fail or return an invalid path, it might be worth adding a guard or error handling to avoid raising when doing ws_path / path.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- Consider normalizing `path` (e.g., via `Path(path).resolve()` or similar) before checking `isabs` and composing with `workspace_root` to avoid subtle issues with `..` segments or mixed separators.
- If `workspace_root(unified_msg_origin)` can fail or return an invalid path, it might be worth adding a guard or error handling to avoid raising when doing `ws_path / path`.

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[gemini-code-assist]

Code Review

This pull request introduces logic to resolve relative file paths within a workspace root for the SendMessageToUserTool. A security concern was identified regarding potential path traversal attacks; the current implementation does not prevent access to files outside the workspace if the input path contains parent directory references. It is recommended to resolve the path and verify its location relative to the workspace root.

[Soulter]

@gemini-code-assist /gemini review

[gemini-code-assist]

Code Review

This pull request introduces logic to resolve relative file paths within a user's workspace root. A security vulnerability was identified where malicious relative paths could bypass workspace boundaries and access the host's filesystem via path traversal. The feedback suggests strictly resolving relative paths within the workspace and using file-specific checks to prevent unauthorized access.